aboutsummaryrefslogblamecommitdiffstats
path: root/main/libc0.9.32/0001-config-parser-fix-memory-corruption.patch
blob: 58acfb4234b4f07d4312fa01ace0e04ed24789b2 (plain) (tree)












































                                                                                                
From 80bcb7a4806b27397629cf2e6bcbb7e8a0c5db5b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
Date: Fri, 6 Aug 2010 11:29:38 +0300
Subject: [PATCH] config parser: fix memory corruption
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

fgets will happily write over allocated area limits. Adjusted the
buffer size according to how much is already read.

Also increase the maximum default line length, as 80 is slightly
small. It might be better if bb_get_chunk_with_continuation would
reallocate the line buffer if it was not user given.

Signed-off-by: Timo Teräs <timo.teras@iki.fi>
---
 libc/misc/internals/parse_config.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/libc/misc/internals/parse_config.c b/libc/misc/internals/parse_config.c
index cbb6ef7..8404d80 100644
--- a/libc/misc/internals/parse_config.c
+++ b/libc/misc/internals/parse_config.c
@@ -60,7 +60,7 @@ static off_t bb_get_chunk_with_continuation(parser_t* parsr)
 	char *chp;
 
 	while (1) {
-		if (fgets(parsr->line + pos, parsr->line_len, parsr->fp) == NULL) {
+		if (fgets(parsr->line + pos, parsr->line_len - pos, parsr->fp) == NULL) {
 			memset(parsr->line, 0, parsr->line_len);
 			pos = -1;
 			break;
@@ -179,7 +179,7 @@ int attribute_hidden FAST_FUNC config_read(parser_t *parser, char ***tokens,
 again:
 	if (parser->data == NULL) {
 		if (parser->line_len == 0)
-			parser->line_len = 81;
+			parser->line_len = 161;
 		if (parser->data_len == 0)
 			parser->data_len += 1 + ntokens * sizeof(char *);
 		parser->data = realloc(parser->data,
-- 
1.7.0.4